CVE-2024-39493
July 10, 2024, 8:15 a.m.
Tags
Product(s) Impacted
Linux kernel
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely.
Weaknesses
Date
Published: July 10, 2024, 8:15 a.m.
Last Modified: July 10, 2024, 8:15 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
416baaa9-dc9f-4396-8d5f-8c081fb06d67